XSS and bypassing an Imperva WAF with JSFuck
Wow – Grumpy Admin’s boss must read his blog! Cause they have been keeping me busy with actual work, which means blogging has taken a back seat! I have quite a few projects on the go at the moment. I am doing some very interesting stuff, but stuff I can’t really make a blog out of without compromising my company and employment or spending more time building labs and stuff. Time is the killer, not having time makes me GRUMPY!
Well, just to give you an idea of the sort of things I have been doing these last few months.
- Internal Company Windows 10 Client Deployment
- Designed and implemented Direct Access solution for my company
- Building various Exchange Servers and other servers
- A Sophos enterprise deployment, with message relays
- Installing web servers, with PHP and WordPress on IIS!!!!! Yes, I feel dirty doing it
- Building another ELK stack and Logging Exchange messages
- The normal daily troubleshooting and tasks of being on a busy third line desk
- Implemented Confluence and Service Desk
- Wrote and reviewed all the company security policies, and got my company through Cyber Essentials certification
- Lots of documentation, and study for my CISSP exam in early October
All that on top of running a small web hosting company and web design company. So now all the excuses are out of the way, I thought I would do something quick to show you I am still alive and my love for PowerShell is still very strong.
Not blogging has made me Grumpy! But as you see, I have to put food on the plate and the boss gets annoyed if I don’t do what I’m paid to do! I work on the ground floor so lift shafts are hard to find…. So a BOFH solution is out of the question!
Something I did yesterday, more a distraction for 5 mins, to be able to say I did it!
I decided to give the Microsoft PowerShell a run on Linux.
Now actually it is dead simple and quick, so perfect for a very quick and not very detailed blog!
On August the 18th Microsoft announced that PowerShell is going open source and is now available on Linux…. First, after capturing your breath – that is right, you heard me! If you don’t believe me, check this blog.
I really like the direction Microsoft as a company is going recently… we have BASH on Windows, very useful for web devs. OMG! Thank god, Microsoft!
Now PowerShell on Linux, Microsoft are showing they are about getting the job done. I am going to be honest and say the usefulness is a bit unclear to me at this stage, when you have BASH and Python and all the other Linux stuff, but I am sure it will fit in with their DSC will rule the world program! But think of this, with MSSQL on Linux, PowerShell on Linux, fun times ahead maybe!
Right to business, so let’s install PowerShell on to Linux!
You need to grab the PowerShell package from their GitHub page, download and install! Simple as a meerkat!
I could use wget on the CLI – but Grumpy Admin is lazy so I will just download it via my web browser.
Now, as with most things, you really should download the file and then check its hash. Microsoft provide the SHA256 of the file, so we can use this.
Linux has the sha256sum tool, so we can quickly check the downloaded file against the hash published on the website; if the two hashes match, the file downloaded OK.
A perfect match – I’m happy to install! yes you heard that, grumpy admin is happy!
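The hash check described above, as an added example (not from the original post): a shell function that compares a file's SHA256 against the published value and returns non-zero on mismatch, so the install step can be gated on it. The function name `verify_sha256` and the demo file are assumptions; substitute the real package file and the hash from the release page.

```shell
#!/bin/sh
# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a bad argument or unreadable file.
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # Normalise the pasted value: drop whitespace, lowercase the hex digits.
    expected=$(printf '%s' "$expected" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # A SHA256 digest is exactly 64 hex characters. Rejecting anything else
    # catches a truncated copy/paste or a hash from a different algorithm.
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected value is not 64 hex chars" >&2; return 2; }

    # Read via stdin so an odd file name cannot change sha256sum's output format.
    actual=$(sha256sum < "$file" | cut -d' ' -f1) || return 2

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Constructed demo: a stand-in "package" containing the bytes "abc", whose
# SHA256 is a well-known test vector. The upper-case paste still matches.
demo=$(mktemp)
printf 'abc' > "$demo"
verify_sha256 "$demo" BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD \
    && echo "hash matches, safe to go on to the install step"
rm -f "$demo"
```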
Now there are a few dependencies, listed
So we need to get these installed in case we don’t already have them!
apt-get install libunwind8 libicu55
Excellent, I already have them installed – it’s as if I did it then decided to remove the package and re-install it so I could capture screenshots for a blog post!
Now the next step is to install the actual PowerShell package!
Easy as pie! Especially as we have the Tab auto complete! Now let’s give it a go! Let’s launch PowerShell from Microsoft on Linux! By typing….
Holy shit! PowerShell on Linux! Can’t be, can it? I need a drink!
Let’s throw a cmdlet at it, who knows, maybe it’s a fake!
Yep, that worked…
Let’s try something else
Well, the output from that looks a bit limited, so let’s do a quick measure and count
So there are 345 commands/functions/cmdlets – not bad, let’s just compare that with my Windows 10 box, shall we?
Just a slight difference… but it’s better than nothing… now to find an actual useful usage for this! Well, there’s a quick blog – just to say I’m still here guys – I will find more time soon after my CISSP studies, as I need to pass that exam as well.